PT-2025-36425 · Sourcecodester · Sourcecodester Online Payroll System

Quchunyi1

Publicado

2025-09-08

Atualizado

2025-09-13

CVE-2025-10077

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Online Polling System version 1.0

Description A security issue exists in SourceCodester Online Polling System 1.0. Manipulation of the email argument in the /registeracc.php file may lead to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed.

Recommendations As a temporary workaround, consider restricting access to the /registeracc.php file to minimize the risk of exploitation. Sanitize the email input to prevent SQL injection attacks.

Exploit

Correção

Special Elements Injection

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-89

Identificadores relacionados

CVE-2025-10077

Produtos afetados

Sourcecodester Online Payroll System

PT-2025-36425 · Sourcecodester · Sourcecodester Online Payroll System

CVE-2025-10077

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12